/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

#include "nsISupports.idl"

interface nsICookie2;
interface nsIURI;
interface nsIChannel;

typedef long nsCookieAccess;

/**
 * An interface to test for cookie permissions
 */
[scriptable, uuid(11ddd4ed-8f5b-40b3-b2a0-27c20ea1c88d)]
interface nsICookiePermission : nsISupports
{
  /**
   * nsCookieAccess values
   */
  const nsCookieAccess ACCESS_DEFAULT = 0;
  const nsCookieAccess ACCESS_ALLOW   = 1;
  const nsCookieAccess ACCESS_DENY    = 2;

  /**
   * additional values for nsCookieAccess which may not match
   * nsIPermissionManager. Keep 3-7 available to allow nsIPermissionManager to
   * add values without colliding. ACCESS_SESSION is not directly returned by
   * any methods on this interface.
   */
  const nsCookieAccess ACCESS_SESSION = 8;
  const nsCookieAccess ACCESS_ALLOW_FIRST_PARTY_ONLY = 9;
  const nsCookieAccess ACCESS_LIMIT_THIRD_PARTY = 10;

  /**
   * setAccess
   *
   * this method is called to block cookie access for the given URI.  this
   * may result in other URIs being blocked as well (e.g., URIs which share
   * the same host name).
   *
   * @param aURI
   *        the URI to block
   * @param aAccess
   *        the new cookie access for the URI.
   */
  void setAccess(in nsIURI         aURI,
                 in nsCookieAccess aAccess);

  /**
   * canAccess
   *
   * this method is called to test whether or not the given URI/channel may
   * access the cookie database, either to set or get cookies.
   *
   * @param aURI
   *        the URI trying to access cookies
   * @param aChannel
   *        the channel corresponding to aURI
   *
   * @return one of the following nsCookieAccess values:
   *         ACCESS_DEFAULT, ACCESS_ALLOW, ACCESS_DENY, or
   *         ACCESS_ALLOW_FIRST_PARTY_ONLY
   */
  nsCookieAccess canAccess(in nsIURI     aURI,
                           in nsIChannel aChannel);

  /**
   * canSetCookie
   *
   * this method is called to test whether or not the given URI/channel may
   * set a specific cookie.  this method is always preceded by a call to
   * canAccess. it may modify the isSession and expiry attributes of the
   * cookie via the aIsSession and aExpiry parameters, in order to limit
   * or extend the lifetime of the cookie. this is useful, for instance, to
   * downgrade a cookie to session-only if it fails to meet certain criteria.
   *
   * @param aURI
   *        the URI trying to set the cookie
   * @param aChannel
   *        the channel corresponding to aURI
   * @param aCookie
   *        the cookie being added to the cookie database
   * @param aIsSession
   *        when canSetCookie is invoked, this is the current isSession attribute
   *        of the cookie. canSetCookie may leave this value unchanged to
   *        preserve this attribute of the cookie.
   * @param aExpiry
   *        when canSetCookie is invoked, this is the current expiry time of
   *        the cookie. canSetCookie may leave this value unchanged to
   *        preserve this attribute of the cookie.
   *
   * @return true if the cookie can be set.
   */
  boolean canSetCookie(in nsIURI     aURI,
                       in nsIChannel aChannel,
                       in nsICookie2 aCookie,
                       inout boolean aIsSession,
                       inout int64_t aExpiry);
};

%{ C++
/**
 * The nsICookiePermission implementation is an XPCOM service registered
 * under the ContractID:
 */
#define NS_COOKIEPERMISSION_CONTRACTID "@mozilla.org/cookie/permission;1"
%}
